CLI and TUI tool for selecting AWS account/role credentials

Navigation

Verified details

These details have been verified by PyPI
Maintainers
Avatar for troylar from gravatar.com troylar

Unverified details

These details have not been verified by PyPI
Meta
Report project as malware

Project description

aws-pick

PyPI version Python versions License: MIT Build status Coverage Downloads

Interactive TUI and Python library for selecting AWS account/role credentials.

Managing dozens of AWS accounts and IAM roles means constantly hunting through config files or retyping ARNs. aws-pick gives you a fast, keyboard-driven terminal UI to search, select, and act on account/role pairs -- and it embeds directly into your own Python tools as a library.

Installation

pip install aws-pick

Requires Python 3.10+.

Key Features

  • Interactive TUI -- Full-screen terminal selector built on Textual with keyboard navigation, real-time filtering, and multi-select
  • Embeddable library -- One function call (select_accounts()) drops the TUI into any Python script and returns structured results
  • Favorites and presets -- Star frequently used roles; save and reload named selection sets
  • Environment awareness -- Accounts are auto-classified as production/staging/development with color-coded tags and a confirmation gate before acting on production resources
  • Flexible grouping -- View accounts grouped by account name, by role name, or as a flat list -- cycle with a single keystroke
  • Selection history -- Tracks recently used account/role pairs with relative timestamps
  • Non-interactive mode -- Pass explicit account_id:role_name selections for CI/CD pipelines and scripts
  • Login callbacks -- Hook in your own authentication logic (SSO, STS AssumeRole, etc.) and get structured success/failure results

Quick Start

from aws_pick import select_accounts

result = select_accounts([
    {"account_id": "111111111111", "account_name": "prod", "role_name": "Admin"},
    {"account_id": "222222222222", "account_name": "dev", "role_name": "Developer"},
    {"account_id": "222222222222", "account_name": "dev", "role_name": "ReadOnly"},
])

if not result.cancelled:
    for item in result.selected:
        print(f"{item['account_name']} -> {item['role_name']}")

This launches the TUI, lets the user pick one or more account/role pairs, and returns the selections as a list of dicts.

Usage Examples

Basic: Embed in a CLI tool

from aws_pick import select_accounts

accounts = load_accounts_from_your_source()  # list of dicts

result = select_accounts(accounts, title="Deploy Target")

if result.cancelled:
    print("Aborted.")
else:
    for item in result.selected:
        deploy_to(item["account_id"], item["role_name"])

With login callbacks

Provide an on_login callback to authenticate immediately after selection. The TUI shows a progress screen as each login executes.

from aws_pick import select_accounts, LoginResult

def assume_role(item: dict) -> LoginResult:
    try:
        session = boto3.Session()
        sts = session.client("sts")
        sts.assume_role(
            RoleArn=f"arn:aws:iam::{item['account_id']}:role/{item['role_name']}",
            RoleSessionName="aws-pick",
        )
        return LoginResult(success=True)
    except Exception as e:
        return LoginResult(success=False, error=str(e))

result = select_accounts(accounts, on_login=assume_role)

if result.login_results:
    print(f"{result.login_results.succeeded}/{result.login_results.total} succeeded")

Non-interactive mode for scripts

Skip the TUI entirely by passing explicit selections. Useful for CI/CD, cron jobs, or wrapping in shell scripts.

from aws_pick import select_accounts

result = select_accounts(
    accounts,
    interactive=False,
    selections=["111111111111:Admin", "222222222222:Developer"],
)

Managing favorites and presets programmatically

from aws_pick import manage_favorites, manage_presets

# Favorites
favs = manage_favorites()
favs.add("111111111111", "Admin")
favs.add("222222222222", "Developer")
print(favs.list())   # [Favorite(...), ...]
favs.remove("111111111111", "Admin")

# Presets (named selection sets)
presets = manage_presets()
presets.save("deploy-prod", [
    Favorite(account_id="111111111111", role_name="Admin"),
    Favorite(account_id="333333333333", role_name="DeployRole"),
])
print(presets.list_names())  # ["deploy-prod"]
preset = presets.get("deploy-prod")

Keyboard Shortcuts

Key Action
Up / Down Navigate items
Space Toggle selection
Enter Confirm selections
Escape Cancel and exit
/ Focus filter bar
Tab Toggle filter / list focus
a / d Select all / Deselect all
f Toggle favorite
F Select all favorites
g Cycle grouping mode
s / l Save / Load preset
? Show help overlay

API Reference

select_accounts(accounts, *, interactive=True, selections=None, on_login=None, config_dir=None, title="Select Accounts")

Main entry point. Launches the TUI (or runs non-interactively) and returns a SelectionResult.

Parameter Type Description
accounts list[dict] List of dicts with account_id, account_name, role_name, and optional environment
interactive bool True for TUI, False for scripted selection
selections list[str] "account_id:role_name" strings (required when interactive=False)
on_login Callable Callback receiving a selected dict, returns LoginResult
config_dir str | Path Override config directory for favorites/presets/history
title str Panel header title in the TUI

SelectionResult

Field Type Description
selected list[dict] Selected account/role dicts
cancelled bool True if the user pressed Escape
login_results BatchLoginResult | None Login outcomes when on_login is provided

LoginResult

Field Type Description
success bool Whether login succeeded
error str | None Error message on failure

manage_favorites(*, config_dir=None) / manage_presets(*, config_dir=None)

Factory functions returning FavoritesManager and PresetsManager for programmatic CRUD on persisted favorites and named presets.

CLI

aws-pick also ships a CLI powered by Typer:

aws-pick select          # Launch the TUI selector
aws-pick favorites list  # List saved favorites
aws-pick preset list     # List saved presets
aws-pick history show    # Show selection history

Development

git clone https://github.com/troylar/aws-pick.git
cd aws-pick
pip install -e ".[dev]"

Running tests

pytest                     # All 225+ tests
pytest tests/unit          # Unit tests only
pytest tests/integration   # Integration + TUI pilot tests
pytest --cov=aws_pick      # With coverage

Code quality

ruff check .               # Lint
ruff check . --fix         # Auto-fix
black .                    # Format
mypy src/ --strict         # Type checking

Code style

  • Black with 120-char line length
  • Ruff (rules: E, F, I, N, W)
  • mypy strict mode
  • Type hints on all functions

Contributing

  1. Open an issue describing the change
  2. Fork and create a branch: issue-###-short-description
  3. Write tests (minimum 80% coverage)
  4. Ensure pytest, ruff check, and mypy --strict pass
  5. Open a PR referencing the issue (Closes #123)

Commit format: type(scope): description (#issue)

Roadmap

  • AWS SSO / IAM Identity Center integration
  • Profile generation (~/.aws/config writer)
  • Plugin system for custom login providers
  • Configurable environment patterns
  • Export selections to shell environment variables

License

MIT

Project details

Verified details

These details have been verified by PyPI
Maintainers
Avatar for troylar from gravatar.com troylar

Unverified details

These details have not been verified by PyPI
Meta

Release history Release notifications | RSS feed

0.1.3

This version

0.1.2

0.1.1

0.1.0

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

aws_pick-0.1.2.tar.gz (79.2 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

aws_pick-0.1.2-py3-none-any.whl (34.6 kB view details)

Uploaded Python 3

File details

Details for the file aws_pick-0.1.2.tar.gz.

File metadata

  • Download URL: aws_pick-0.1.2.tar.gz
  • Upload date:
  • Size: 79.2 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.7

File hashes

Hashes for aws_pick-0.1.2.tar.gz
Algorithm Hash digest
SHA256 50d0cb5f2f3392afcc3b62f15f82d8f767c8caa8b2df0fd98756c1f0b7c1aa10
MD5 b4d0202a4a000b1889caec75bc2138b7
BLAKE2b-256 d42daa2b613e5cc6949371fcd7a0a4c1bce2ef37d9315754f244f232bf9f5f91

See more details on using hashes here.

Provenance

The following attestation bundles were made for aws_pick-0.1.2.tar.gz:

Publisher: publish.yml on troylar/aws-pick

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file aws_pick-0.1.2-py3-none-any.whl.

File metadata

  • Download URL: aws_pick-0.1.2-py3-none-any.whl
  • Upload date:
  • Size: 34.6 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.7

File hashes

Hashes for aws_pick-0.1.2-py3-none-any.whl
Algorithm Hash digest
SHA256 b3aef2e84cc3915de2fbaa358f48911b79b4e0e6978520c8511a7274f4111ec1
MD5 9f4842112b52f74c565613cedd71cb8f
BLAKE2b-256 36de7629004ccc930d270435383734362621e0a0c6a4c1754d4de322c399b006

See more details on using hashes here.

Provenance

The following attestation bundles were made for aws_pick-0.1.2-py3-none-any.whl:

Publisher: publish.yml on troylar/aws-pick

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page